{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,11]],"date-time":"2026-03-11T10:12:12Z","timestamp":1773223932733,"version":"3.50.1"},"reference-count":61,"publisher":"IEEE","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017,5]]},"DOI":"10.1109\/sp.2017.46","type":"proceedings-article","created":{"date-parts":[[2017,6,26]],"date-time":"2017-06-26T16:34:26Z","timestamp":1498494866000},"page":"521-538","source":"Crossref","is-referenced-by-count":55,"title":["HVLearn: Automated Black-Box Analysis of Hostname Verification in SSL\/TLS Implementations"],"prefix":"10.1109","author":[{"given":"Suphannee","family":"Sivakorn","sequence":"first","affiliation":[]},{"given":"George","family":"Argyros","sequence":"additional","affiliation":[]},{"given":"Kexin","family":"Pei","sequence":"additional","affiliation":[]},{"given":"Angelos D.","family":"Keromytis","sequence":"additional","affiliation":[]},{"given":"Suman","family":"Jana","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1145\/2786805.2786835"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1145\/2786805.2786835"},{"key":"ref33","first-page":"1690","article-title":"SFAD-iff: Automated Evasion Attacks and Fingerprinting Using Black-box Differential Automata Learning","author":"argyros","year":"2016","journal-title":"Proceedings of the ACM SIGSAC Conference on Computerand Communications Security"},{"key":"ref32","year":"0","journal-title":"Apache Software Foundation Apache HttpComponents-HttpComponents HttpClient Overview"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1016\/0890-5401(87)90052-6"},{"key":"ref30","doi-asserted-by":"crossref","first-page":"673","DOI":"10.1007\/978-3-642-16558-0_54","article-title":"Inference and Abstraction of the Biometric Passport","author":"aarts","year":"2010","journal-title":"Proc Conf Leverag App of Formal Methods Verification and Validation"},{"key":"ref37","first-page":"1","article-title":"Remote Timing Attacks Are Practical","author":"brumley","year":"2003","journal-title":"Proc Usenix Security Symposium"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.15"},{"key":"ref35","first-page":"1","article-title":"Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS# 1","author":"bleichenbacher","year":"1998","journal-title":"Proceedings of the Annual InternationalCryptology Conference on Advances in Cryptology"},{"key":"ref34","first-page":"53","author":"balc\u00e1zar","year":"1997","journal-title":"Algorithms for learning finite automata from queries A unified view"},{"key":"ref60","author":"sipser","year":"2006","journal-title":"Introduction to the Theory of Computation"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978411"},{"key":"ref28","year":"2015","journal-title":"CVE-2015–1855"},{"key":"ref27","year":"2014","journal-title":"CVE-2014–1492"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1109\/ICSTW.2013.60"},{"key":"ref2","year":"0"},{"key":"ref1","year":"0"},{"key":"ref20","year":"2007","journal-title":"RFC 4985-Internet X 509 Public Key Infrastructure Subject Alternative Name for Expression of Service Name"},{"key":"ref22","year":"2008","journal-title":"RFC 5321-Simple Mail Transfer Protocol"},{"key":"ref21","year":"2008","journal-title":"RFC 5280 - Internet X 509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile"},{"key":"ref24","year":"2011","journal-title":"RFC 6125-Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X 509 (PKIX) Certificates in the Context of Transport Layer Security (TLS)"},{"key":"ref23","year":"2010","journal-title":"RFC 5890-Internationalized Domain Names for Applications (IDNA) Definitions and Document Framework"},{"key":"ref26","year":"2014","journal-title":"CVE-2014–0092"},{"key":"ref25","year":"2013","journal-title":"RFC 6818-Updates to the Internet X 509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382204"},{"key":"ref51","year":"0","journal-title":"GNU Compilers Gcov-Using the GNU Compiler Collection (GCC)"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1145\/1081180.1081189"},{"key":"ref58","year":"0","journal-title":"Oracle Java Cryptography Architecture Oracle Providers Documentation"},{"key":"ref57","article-title":"Ron was wrong, Whit is right","author":"lenstra","year":"2012","journal-title":"The Journal of the International Association for Cryptologie Research"},{"key":"ref56","author":"langley","year":"2014","journal-title":"Apple's SSL\/TLS Bug"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1109\/SFCS.1977.16"},{"key":"ref54","doi-asserted-by":"crossref","DOI":"10.7551\/mitpress\/3897.001.0001","author":"kearns","year":"1994","journal-title":"An Introduction to Computational Learning Theory"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-14577-3_22"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.38"},{"key":"ref10","year":"0","journal-title":"Java Native Interface (JNI)"},{"key":"ref11","year":"0","journal-title":"libFuzzer-A Library for Coverage-guided Fuzz Testing"},{"key":"ref40","first-page":"511","article-title":"Oorschot. SoK: SSL and HTTPS: Revisiting Past Challenges and Evaluating Certificate Trust Model Enhancements","author":"clark","year":"2013","journal-title":"Proceedings of the IEEE Symposium on Security and Privacy"},{"key":"ref12","year":"0","journal-title":"Opensips"},{"key":"ref13","year":"0","journal-title":"proxytunnel"},{"key":"ref14","year":"0","journal-title":"SLOCCount"},{"key":"ref15","year":"0","journal-title":"Telex Anticensorship"},{"key":"ref16","year":"1987","journal-title":"RFC 1035 Domain names - implementation and specification"},{"key":"ref17","year":"1989","journal-title":"RFC 1123 Requirements for Internet Hosts - Application and Support"},{"key":"ref18","year":"2000","journal-title":"HTTP Over TLS - RFC 2818"},{"key":"ref19","year":"2003","journal-title":"RFC 3492-Punycode A Bootstring encoding of Unicode for Internationalized Domain Names in Applications (IDNA)"},{"key":"ref4","year":"0"},{"key":"ref3","year":"0"},{"key":"ref6","year":"0","journal-title":"American Fuzzy Lop (AFL) Fuzzer"},{"key":"ref5","year":"0"},{"key":"ref8","year":"0","journal-title":"FreeRADIUS"},{"key":"ref7","year":"0","journal-title":"cURL-Compare SSL Libraries"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1109\/32.87284"},{"key":"ref9","year":"0","journal-title":"GnuTLS 3 5 10 X509 certificate API"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.42"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382205"},{"key":"ref48","doi-asserted-by":"crossref","first-page":"454","DOI":"10.1007\/978-3-319-41540-6_25","article-title":"Combining Model Learning and Model Checking to Analyze TCP Implementations","author":"fiter?u-bro?tean","year":"2016","journal-title":"Proceedings of the International Conference on Computer Aided Verification"},{"key":"ref47","first-page":"78","article-title":"Learning Fragments of the TCP Network Protocol","author":"fiter?u-bro?tean","year":"2014","journal-title":"Proceedings of the International Conference on Formal Methods for Industrial Critical Systems"},{"key":"ref42","year":"0","journal-title":"Docjar HostnameChecker"},{"key":"ref41","first-page":"193","article-title":"Protocol State Fuzzing of TLS Implementations","author":"de ruiter","year":"2015","journal-title":"Proc Usenix Security Symposium"},{"key":"ref44","author":"duong","year":"2012","journal-title":"The CRIME Attack"},{"key":"ref43","author":"duong","year":"2011","journal-title":"Here Come the ?ninjas"}],"event":{"name":"2017 IEEE Symposium on Security and Privacy (SP)","location":"San Jose, CA, USA","start":{"date-parts":[[2017,5,22]]},"end":{"date-parts":[[2017,5,26]]}},"container-title":["2017 IEEE Symposium on Security and Privacy (SP)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/7957740\/7958557\/07958596.pdf?arnumber=7958596","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,9,26]],"date-time":"2019-09-26T23:45:43Z","timestamp":1569541543000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/7958596\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,5]]},"references-count":61,"URL":"https:\/\/doi.org\/10.1109\/sp.2017.46","relation":{},"subject":[],"published":{"date-parts":[[2017,5]]}}}